General
Target: SKMB20221912.doc
Size: 3KB
Sample: 221219-m1fafahh51
MD5: 7098115ca2335c72ab8442bc0b6a2ab6
SHA1: baf1fcae077b05d5686eb641f93c51113f308c5c
SHA256: 6329d2b46abffc500a9c0a0adc51073db28c10d00727befeb480e4e0832d238b
SHA512: 5c5c6f54f7a63e77baa245ed4b4cd78d0d3390a4a9eb993bba507646e8ce612c00f734c83863667528aac272a26c9d5e1ef5610773770143a8e3ce9a26a7b0db
Static task: static1
Behavioral task: behavioral1
  Sample: SKMB20221912.rtf
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: SKMB20221912.rtf
  Resource: win10v2004-20221111-en
Malware Config
Extracted
Family: formbook
Version: 4.1
Campaign: 8rmt
Domains:
3472cc.com
takecareyourhair.com
kontolajigasd21.xyz
daihaitrinh.net
syncmostlatestinfo-file.info
lovesolutionsastrologist.info
angelapryan.com
rio727casino.com
jjsgagets.com
devyatkina.online
thegoldenbeautyqatar.com
czytaj-unas24live.monster
timepoachers.com
gayxxxporn.site
72308.xyz
kristanolivo.com
hijrahfwd.com
bmfighters.com
alfamx.website
handfulofbabesbows.com
nationalsocialism.link
mega-recarga-arg.com
rytstack.com
kfav77.xyz
rrexec.net
linetl.top
freedomcleaningusa.com
abofahad3478.tokyo
teamvalvolineeurope.com
kyty4265.com
afrikannaland.info
dharmatradinguae.com
bqylc.buzz
lifeprojectmanager.pro
streeteli.site
68fk.vip
wasemanntrucking.com
auracreitarusblog.com
dfgzyt.cyou
tecnotuto.net
ookkvip.com
247repairs.info
tyvwotnmrlpjgl.biz
courtneymporter.com
gildainterior.com
papiska.xyz
sparrow.run
tyh-group.com
april-zodiac-sign.info
kiaf1.site
cooleyes.live
partasa.com
connecticutinteriors.com
thelovehandles.us
netinseg.website
diaryranch.xyz
serenaderange.com
milano.icu
vapeseasy.com
hengruncosmetics.com
vlashon.com
masberlian.ink
djayadiwangsa.store
nicneni.xyz
ym2668.top
Targets
Target: SKMB20221912.doc
Signatures:
Formbook payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Suspicious use of SetThreadContext